Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted refpolicy 2:2.20210203-3 (source) into unstable
Date: Tue, 23 Feb 2021 10:19:03 +0000
Signed by: Russell Coker <etbe@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Feb 2021 16:57:40 +1100
Source: refpolicy
Architecture: source
Version: 2:2.20210203-3
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russell@coker.com.au>
Changes:
 refpolicy (2:2.20210203-3) unstable; urgency=medium
 .
   * Add policy for blkmapd which is part of nfs service (included in upstream)
   * Add interfaces systemd_search_user_runtime()
   * Allow systemd_user_runtime_dir_t to unlink dirmngr sock files
   * Allow sshd_t to talk to systemd_nspawn_t via Unix sockets
   * Allow syslogd_t to search systemd_user_runtime_t dirs
   * Allow acpid_t to rw input device files
   * Allow restorecond_t to watch all dirs
   * Allow mailman_queue_t to search the cron spool dir, also allow it to be
     started as a daemon and to write mailman pid files
   * Included upstream git patches for latest systemd features, this may
     save some pain when Bullseye+1 is released
   * Allow systemd-nspawn to mount on and manage more things when
     systemd_nspawn_labeled_namespace is on.
   * Allow smbcontrol_t to talk to itself via Unix domain sockets
   * Add policy for postfwd
   * Allow aptcacher_t to read urandom and random devices and to read kernel
     sysctls
   * Label /usr/lib/x86_64-linux-gnu/libexec/* as bin_t for KDE/sddm login
     Allow user to execute and execmod user tmpfs files, for KDE
     Allow user to write to user_runtime_t sock files
   * Add policy to run the certbot --nginx which runs nginx, doesn't work
     in all situations but should cover the common cases.
   * Set label for /usr/bin/redis-check-rdb (redis server binary in Debian)
     and allow redis to read certs and read vm and net sysctls.
Checksums-Sha1:
 1f16bd35c15dcbdf84ba0cca5996b467747f402e 2445 refpolicy_2.20210203-3.dsc
 5b6713bfd201755bee2ed9828a25aaafc76094a9 87504 refpolicy_2.20210203-3.debian.tar.xz
 1eefe32a4cea4b377f144bbbd297c729c8c80709 8573 refpolicy_2.20210203-3_amd64.buildinfo
Checksums-Sha256:
 d184b403c916fafb8e5dbfcb3abf58549f06cc13c2d4ce27230562c3a6a81eeb 2445 refpolicy_2.20210203-3.dsc
 9c22102f4edd7740ad0876912d9343577fc41f97132bb4965f95d61945670352 87504 refpolicy_2.20210203-3.debian.tar.xz
 2bfa50f38b2d410398dad77ad1e62711b9dea5f053c0b0e2284201c9c24779b0 8573 refpolicy_2.20210203-3_amd64.buildinfo
Files:
 bcf826c697d7b6b622547bfc339919c4 2445 admin optional refpolicy_2.20210203-3.dsc
 994a15c218c80091e01e10f8d1468997 87504 admin optional refpolicy_2.20210203-3.debian.tar.xz
 4f8c38246929963263ad273ca8f9b841 8573 admin optional refpolicy_2.20210203-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAmA00mgACgkQ0UHNMPxL
j3kzcg/+IwOOjl7WupIXnDFtnckDtxTyrbkZJvLe7l+uNoe2+gYN70EjKqAF+I86
vNvkqDW1LhBnJzwmZxDM0nskAJOgdtwlX6nRU892BfLdROzDS2fs4US7Tqvy/vBe
Av3zdpB7CYhVkELENr89F/A1JF533aCxISqZFUgX2qumNtmvNFY1WHh8QgwrOnK8
/KCUOoeVO1VOwev8p/aE1z8lcxj8eeW4WP5QOa6eLXYMIRHtRFoKE7hy+Y8wZ6Ho
vFqmRzZ01Yth79cqBsogIIF1dQ5f4IMdT4Gorcc7v9IEbrPN+mU3DcdYeLd1NKvH
MsZtRRVbFK9CfG7Gj2xHL7Cpv8eB5UWB6TtNABId3Kl581UB27lsFytNreWqA1gl
Ohw9EfvHaMUFKh/6iu7P7ZPV3cndESAmCjETy4BuArsRLfAGz6jxUu4F2+oar89j
UB8pU2tsMkaJNIZBVaDWo6Y1C19PufNeiLrpbwgVs3uGWoKBFdYoELD1i8G4bBBl
mMBUei7MM7h+3DwGuiGCxFlF3gfjmJhpPlnrVTuWQnynT23B58dfClffBnO7j41R
IIMrpI/W6f5NNymoAkApjVqHauSkKidWvMvCYd0RzvtZYvjySQyYYnrBghpJVkiY
YwsLhXoyNV39lyGwXCa/RDtjkeB0Q9P6QIRAHJdKVqwDfUQ0D7s=
=uMru
-----END PGP SIGNATURE-----
News for package refpolicy
